CVE-2024-22341

Medium

Published: 22 February 2025

Published

22 February 2025

Modified

29 September 2025

KEV Added

—

Patch

—

CVSS Score 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0003 7.8th percentile

Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Description

IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management.

Security Summary

CVE-2024-22341 is a vulnerability in IBM Watson Query on Cloud Pak for Data, affecting versions 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7. It arises from improper privilege management, which could allow unauthorized data access from a remote data source object. The issue is rated with a CVSS v3.1 base score of 5.3 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-73 and NVD-CWE-Other.

A remote attacker with low privileges can exploit this vulnerability over the network, though it requires high attack complexity. Successful exploitation enables high-impact unauthorized access to confidential data from remote data sources, without impacting integrity or availability.

IBM's security advisory provides details on mitigation and patches; see https://www.ibm.com/support/pages/node/7183851.

Details

CWE(s): CWE-73NVD-CWE-Other

Affected Products

ibm

watson query with cloud pak for data

4.0 — 4.0.9 · 4.5 — 4.5.3 · 4.6 — 4.6.6

References

https://www.ibm.com/support/pages/node/7183851
Vendor Advisory · psirt@us.ibm.com